Disclosed are a method and an apparatus for connecting electronic devices based on biometric information without a certification server. An electronic device includes a wireless communication unit configured to perform wireless communication with an external device; a biometric recognition module; a memory; and a processor connected to the wireless communication unit, the biometric recognition module, and the memory. The processor is configured to register, in the external device, authentication information for authenticating the external device through the electronic device, establish a communication connection with the external device through the wireless communication unit, receive a request for authenticating the electronic device from the external device in response to the communication connection, acquire biometric information corresponding to a user of the electronic device using the biometric recognition module in response to the authentication request, perform device authentication for the user based on at least the biometric information, encrypt authentication information when the authentication is successfully performed, and transmit the encrypted authentication information to the external device.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An electronic device comprising: a wireless communication unit configured to perform wireless communication with an external device; a memory; and a processor connected to the wireless communication unit and the memory, wherein the processor is configured to: register the external device as a companion device of the electronic device based on first authentication information of the external device, establish a communication connection with the external device through the wireless communication unit, transmit an authentication request to the external device in response to the communication connection, receive second authentication information from the external device in response to the authentication request, identify a signature for the received second authentication information, and process authentication of the electronic device through the external device when the signature of the second authentication information is identified, wherein the processor is further configured to: make a request for registering a public key infrastructure (PKI) in the external device in response to a symmetric registration request corresponding to the external device, receive the first authentication information including attestation and a user authenticator from the external device in response to the request for registering the PKI, identify a signature of the attestation based on a root certificate stored in the electronic device in response to the reception of the first authentication information, identify a signature of the user authenticator based on the identified attestation, generate and store a symmetric key for symmetric-key authentication of the external device based on the identification of the signature of the first authentication information, and map and store a PKI authentication key and the symmetric key, and wherein the symmetric key is configured not to be exposed to the external device.
2. The electronic device of claim 1, wherein the processor is further configured to make a request for PKI authentication to the external device in response to a symmetric-key authentication request corresponding to the external device.
3. The electronic device of claim 1, wherein the processor is further configured to identify the signature of the second authentication information based on a public key when the second authentication information is received from the external device.
4. A method of operating an electronic device, the method comprising: registering an external device as a companion device of the electronic device based on first authentication information of the external device; establishing a communication connection with the external device through a wireless communication unit; transmitting an authentication request to the external device in response to the communication connection; receiving second authentication information from the external device in response to the authentication request; identifying a signature for the received second authentication information; and processing authentication of the electronic device through the external device when the signature of the second authentication information is identified, wherein registering the external device comprises: making a request for registering a public key infrastructure (PKI) in the external device in response to a symmetric registration request corresponding to the external device; receiving the first authentication information including attestation and a user authenticator from the external device in response to the request for registering the PKI; identifying a signature of the attestation based on a root certificate stored in the electronic device in response to receiving the first authentication information; identifying a signature of the user authenticator based on the identified attestation; generating and storing a symmetric key for symmetric-key authentication of the external device based on identifying the signature of the first authentication information; and mapping and storing a PKI authentication key and the symmetric key, and wherein the symmetric key is configured not to be exposed to the external device.
5. The method of claim 4, wherein transmitting the authentication request comprises making a request for PKI authentication to the external device in response to a symmetric-key authentication request corresponding to the external device.
6. The method of claim 4, wherein the signature of the second authentication information is based on a public key when the second authentication information is received from the external device.
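The registration and authentication flow of claims 1 and 4, sketched in Go as an added example that is not code from the patent or its applicant. Assumptions: a raw Ed25519 public key stands in for the stored root certificate, the second authentication information is modeled as a signature over a challenge chosen by the electronic device, and the names `Device`, `Register`, `Authenticate` and `Demo` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device maps each registered PKI authentication key to a symmetric key that never leaves it.
type Device struct {
	Root ed25519.PublicKey
	keys map[string][]byte
}
// Register verifies root -> attestation -> user authenticator, then maps a fresh key.
func (d *Device) Register(attPub, attSig, authPub, authSig []byte) error {
	if len(attPub) != ed25519.PublicKeySize || !ed25519.Verify(d.Root, attPub, attSig) {
		return fmt.Errorf("attestation not signed by root")
	}
	if len(authPub) != ed25519.PublicKeySize || !ed25519.Verify(attPub, authPub, authSig) {
		return fmt.Errorf("user authenticator not signed by attestation key")
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	d.keys[string(authPub)] = k
	return nil
}
// Authenticate releases the symmetric key only for a valid signature over challenge.
func (d *Device) Authenticate(authPub, challenge, sig []byte) ([]byte, bool) {
	if k, ok := d.keys[string(authPub)]; ok && ed25519.Verify(authPub, challenge, sig) {
		return k, true
	}
	return nil, false
}
// Demo uses constructed keys; it reports (rogue rejected, login ok, stale signature rejected).
func Demo() (bool, bool, bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	attPub, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	authPub, authPriv, _ := ed25519.GenerateKey(rand.Reader)
	d := &Device{Root: rootPub, keys: map[string][]byte{}}
	attSig := ed25519.Sign(rootPriv, attPub)
	rogue := d.Register(attPub, attSig, authPub, ed25519.Sign(authPriv, authPub)) != nil // self-signed
	_ = d.Register(attPub, attSig, authPub, ed25519.Sign(attPriv, authPub))
	sig := ed25519.Sign(authPriv, []byte("nonce-1"))
	_, ok := d.Authenticate(authPub, []byte("nonce-1"), sig)
	_, stale := d.Authenticate(authPub, []byte("nonce-2"), sig) // old signature, new challenge
	return rogue, ok, !stale
}
func main() { fmt.Println(Demo()) }
```

Because the device picks a fresh challenge for each authentication request, a signature captured from an earlier session does not unlock the mapped symmetric key.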
October 13, 2017
July 7, 2020